Quickest Setup Possible
Step-by-Step Setup
- Preparing the Tunnel Master
This is a step-by-step introduction to what needs to be done on the OS/2 master PC
in order for the Tunnel Master to function. We will assume that you have a clean
OS/2 PC with TCP/IP installed and configured. Before starting, let us
make it clear that you can just start the Tunnel Master and it will work, but
you may not want to use default values for the more critical parts, such as
the password file:
- Enable IP-forwarding.
Because the Tunnel interface needs to pass data to several
interfaces on the TCP/IP stack, IP forwarding must be in place for proper function.
This can be done with the command
'ipgate on' (usually found in \mptn\bin\setup.cmd).
- Connect to the Internet.
A connection to the Internet is needed for the Tunnel to function, so
you may have that as step 1 in your automated Tunnel startup. However, with a leased
line to the Internet, you won't have this need.
- Set up the password file.
Valid Slave passwords are stored in the 'PASSWORD.TXT' file. The password
file must be located in the Tunnel Master directory (not subdirectory). Find a
more thorough description in the section: Tunnel security, above.
- Select IP address space.
The Tunnel Master represents one or more remote computers in your LAN. With
the IP address and Subnet Mask assigned to the Tunnel Master, you define
which packets are routed into the Tunnel driven Virtual Private Network.
Read more in the above section: Addressing.
- Firewall changes.
The Tunnel Master will work with any firewall. The only thing that
needs to be done is to allow incoming traffic to the TCP port that you
choose for the Tunnel Master. The default TCP listen port is 1111.
Some firewalls have the ability to close TCP connections after a duration
of minutes; that feature should be turned off.
- Enable the "bring online" phone call to Slaves.
See how in the Dialer and Dial-On-Demand section. Skip
this step if you don't want the Tunnel Master to dial the remote Slaves.
- Start the Tunnel Master.
The Tunnel Master should now be ready to do the job of integrating
your entire LAN in the most beautiful and secure way.
Be aware that the Tunnel Master will change the looks of your TCP/IP stack. Each
remote node will have a PROXY ARP entry to inform your router/network that the
remote Slave IP addresses are reachable via the Tunnel Master PC.
Issuing 'netstat -r' will also show the new interface 'head0' added to the
TCP/IP stack. This interface will receive IP packets destined for the
remote Slaves.
- Preparing the Tunnel Slave
This is a step-by-step introduction to what needs to be done on the OS/2 slave PC
in order for the Tunnel Slave to function. We will assume that you have a clean
OS/2 PC with TCP/IP installed and configured:
- Enable IP-forwarding.
Because the Tunnel interface needs to pass data to several
interfaces on the TCP/IP stack, IP forwarding must be in place for proper function.
This can be done with the command
'ipgate on' (usually found in \mptn\bin\setup.cmd).
- Make sure there is no default route.
Do this by issuing the command 'netstat -r', then examine the output
for any routes with the destination set to "default".
If a default route exists, delete it with the command:
'route delete default router_IP_address'.
You can also use the configuration utility 'TCPCFG.EXE' to re-configure
your route-table.
- Launch and connect the Internet dialer.
This step assumes that you will be using Dial-Up for your Tunnel. If
that is not the case, then use this step to verify that you do indeed
have the connection that you intend to use. Keep in mind that you just
deleted the default route.
When the Internet dialer is connected, you should again make sure that
you don't have a default route. If you use InJoy as your Internet Dialer,
you can use the option /D to skip the creation of the default route.
If your Internet dialer does not offer a similar switch, then remove
the default route by following the instructions in the step above.
- Create host route to the name server.
The Tunnel Slave may need to resolve names and will accordingly
require a path to a DNS. If your DNS is the one of your ISP, then
you are not able to get to it, because the default route no longer
exists. Instead, create a host route directly to the name servers
you wish to use.
Assuming your DNS is located at 123.145.156.167 and the ISP gateway
address is 111.111.111.111, then this command will add the necessary route:
route add host 123.145.156.167 111.111.111.111 1
If you have a corporate DNS and you give the address of the Tunnel Master
in decimal dotted notation (like 192.168.1.10) then you should not need the name server route.
- Set up the name server correctly.
Be sure to set up the 'RESOLV' and 'RESOLV2' files to match your
needs.
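The Slave routing checks above (no default route, host route to the name server) can be scripted. The following REXX is an added example, not one of the customer-provided scripts and not F/X code. It assumes 'netstat -r' lists destination and router as the first two columns, uses this page's example addresses, and checks a constructed sample table unless started with the hypothetical argument 'live'.

```rexx
/* ts_check.cmd - added example, not part of the F/X distribution.         */
/* Pre-flight check for the Tunnel Slave routing steps: there must be no   */
/* default route, and a host route to the name server via the ISP gateway. */
/* Assumption: destination and router are the first two columns of each    */
/* route line printed by 'netstat -r'.                                     */
parse arg mode .
dns     = '123.145.156.167'    /* name server address used on this page    */
gateway = '111.111.111.111'    /* ISP gateway address used on this page    */

if translate(mode) == 'LIVE' then
  '@netstat -r | rxqueue'      /* queue the real routing table             */
else do                        /* constructed sample, not real output      */
  queue 'destination      router           refcnt use flags intrf'
  queue 'default          111.111.111.111  0      12  U     ppp0'
  queue '123.145.156.167  111.111.111.111  0      3   UH    ppp0'
  queue '192.168.1.0      192.168.1.20     0      40  U     lan0'
end

defaults = 0
dnsRoute = 0
do while queued() > 0
  parse pull dest router .
  /* The page identifies a default route by the destination "default".    */
  if translate(dest) == 'DEFAULT' then do
    defaults = defaults + 1
    say 'FAIL: default route via' router
    say '      remove with: route delete default' router
  end
  /* Strict comparison so dotted addresses are compared as strings.       */
  if dest == dns & router == gateway then dnsRoute = 1
end

if defaults = 0 then say 'OK:   no default route'
if dnsRoute then
  say 'OK:   host route to name server' dns 'via' gateway
else do
  say 'FAIL: no host route to name server' dns
  say '      add with: route add host' dns gateway '1'
end

/* Return code 0 only when both checks pass.                              */
exit (defaults > 0) | \dnsRoute
```

With the constructed sample the script reports the default route as a failure and the name server host route as present, and exits with return code 1.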
Scripts
Following you will find a set of customer-provided REXX scripts that
are being used to control the F/X Tunnel/2 behavior in combination
with InJoy and a DNS. A company DNS can be a powerful tool in automatic
configuration of remote sites and these scripts somewhat take advantage
of that approach.
The scripts are included in the distribution archive and listed here for your information and reference only. You
are welcome to get ideas and cut and paste all you want.
There are no warranties and these scripts are not supported by F/X Communications.
| File Name | Description | Comments |
|---|---|---|
| ts_con.cmd | Run at InJoy connect time | InJoy from InJoy |
| ts_discon.cmd | Run at InJoy disconnect time | Autostart from InJoy |
| ts_reset.cmd | Delete all configuration information | User utility |
| ts_set.cmd | Run without parameters to show cached info | Can be used to set any cached values |
| ts_init.cmd | Initialize the Slave profile | Called from ts_con.cmd |
| ts_dns.cmd | Determine DNS info | Called from ts_con.cmd |
| ts_route.cmd | Dynamic routing table management | Called from ts_con.cmd |
| ts_sniff.cmd | Determine master and slave parameters | Called from ts_con.cmd |
| ts_launch.cmd | Start tunnel slave | Called from ts_con.cmd |
| ts_tune.cmd | Tune IP interfaces for performance | Called from ts_con.cmd |
| ts_aux.cmd | Enable DHCP | Called from ts_con.cmd |